On Mon, Jan 28, 2008, Sam Elstob wrote:

> Hello
> 
> We recently upgraded the version of OpenSSL used in our application from
> 0.9.6c to 0.9.8e.  Everything is fine except I have found that some of our
> code was using memcpy() to 'save' and 'restore' EVP_CIPHER_CTX structures.
> I understand now from looking at the OpenSSL code that this use was invalid
> since we should not assume that an EVP_CIPHER_CTX can be correctly copied
> via a simple memcpy().
> 
> My question: Is there a valid way to copy an EVP_CIPHER_CTX structure?  I
> have created a function which does this as a hack to get us up and running:
> 
> int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
> {
>     int retval = EVP_CipherInit_ex(out, EVP_CIPHER_CTX_cipher(in),
>                                 in->engine,
>                                 NULL, /* key */
>                                 NULL, /* iv */
>                                 in->encrypt);
>     if (retval == 1)
>     {
>         memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
>     }
>     return retval;
> }
> 
> 
> 
> Our goal is really to save and restore the cipher state of an RC4 cipher
> context.  It does not seem to be possible to ask an EVP_CIPHER_CTX to save
> and restore its internal state.  Any ideas would be welcomed.
> 

This is really an omission in the library and there should be a way to copy an
EVP_CIPHER_CTX. In the case of an ENGINE the data might be (for example) a
reference to a handle which, if copied, will result in two linked versions of
the same ctx instead of independent versions.

So something similar to the EVP_MD_CTX_copy() functionality is needed
but for ciphers so an ENGINE can do whatever it needs to to copy a context.
If we add this no existing ENGINE will support it of course.

If you just want something that works for internal RC4 ciphers then a "hack"
will do.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
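
The difference between a memcpy() of the context and a copy that duplicates cipher_data, as an added example that is not part of the original thread and is not OpenSSL code. The toy_* names and the constructed key are hypothetical; the model assumes only what the posted function shows, namely a context holding a pointer to ctx_size bytes of cipher state.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins with hypothetical names; NOT OpenSSL's real structures. */
typedef struct { uint8_t x, y, s[256]; } toy_rc4_state;
typedef struct { size_t ctx_size; void *cipher_data; } toy_ctx;
static int toy_init(toy_ctx *c, const uint8_t *key, size_t klen) {
    toy_rc4_state *st = malloc(sizeof *st);
    if (st == NULL) return 0;
    for (int i = 0; i < 256; i++) st->s[i] = (uint8_t)i;
    for (int i = 0, j = 0; i < 256; i++) {          /* RC4 key schedule */
        j = (j + st->s[i] + key[i % klen]) & 0xff;
        uint8_t t = st->s[i]; st->s[i] = st->s[j]; st->s[j] = t;
    }
    st->x = st->y = 0; c->ctx_size = sizeof *st; c->cipher_data = st;
    return 1;
}
static void toy_update(toy_ctx *c, uint8_t *buf, size_t len) {
    toy_rc4_state *st = c->cipher_data;
    for (size_t n = 0; n < len; n++) {              /* XOR with keystream */
        st->x++; st->y = (uint8_t)(st->y + st->s[st->x]);
        uint8_t t = st->s[st->x]; st->s[st->x] = st->s[st->y]; st->s[st->y] = t;
        buf[n] ^= st->s[(uint8_t)(st->s[st->x] + st->s[st->y])];
    }
}
static int toy_copy(toy_ctx *out, const toy_ctx *in) {
    *out = *in;
    out->cipher_data = malloc(in->ctx_size);        /* deep copy: own state */
    if (out->cipher_data) memcpy(out->cipher_data, in->cipher_data, in->ctx_size);
    return out->cipher_data != NULL;
}
/* Save at offset 16, keep using the original, then check that the saved copy
 * still yields bytes 16..31. Returns 1 independent, 0 linked, -1 on error. */
static int snapshot_is_independent(int deep) {
    const uint8_t key[] = "constructed-key";        /* constructed sample key */
    uint8_t skip[16] = {0}, want[32] = {0}, got[16] = {0};
    toy_ctx live = {0}, ref = {0}, saved = {0}; int ok = -1;
    if (toy_init(&live, key, sizeof key - 1) && toy_init(&ref, key, sizeof key - 1)) {
        toy_update(&live, skip, 16); toy_update(&ref, want, 32);
        if (!deep) memcpy(&saved, &live, sizeof live);  /* shares cipher_data */
        if (!deep || toy_copy(&saved, &live)) {
            toy_update(&live, skip, 16); toy_update(&saved, got, 16);
            ok = memcmp(want + 16, got, 16) == 0;
        }
        if (deep) free(saved.cipher_data);
    }
    free(live.cipher_data); free(ref.cipher_data);
    return ok;
}
int main(void) { return snapshot_is_independent(0) != 0 || snapshot_is_independent(1) != 1; }
```

With the shallow copy, the saved context resumes from wherever the original has advanced to, so restoring it silently decrypts with the wrong keystream position. OpenSSL 1.0.0 and later provide EVP_CIPHER_CTX_copy() for this purpose.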
